Forum Discussion
Impact when moving from 2048 to 4096 bit RSA keys
Hi, I am trying to determine the impact of moving from 2048-bit RSA keys to 4096-bit RSA keys for a client-side SSL profile and would like to get some details of the impact when doing so.
- I read that the TPS would drop to 20% of what we would be capable of when staying on 2048-bit keys. Assuming unlimited license.
- How much more latency would we have to face in the handshake process?
- Is there a list of incompatible clients available? Something like 'Outlook 2007, Firefox 12, ...'
- How much will the increased key size strengthen the TLS connection, assuming we stick to the same cipher?
- Any other side effects?
I also opened an F5 support case for this (C2910446 - Analysis of impact when moving from 2048 to 4096 bit RSA keys), but I was wondering if anyone from the community has some interesting ideas/comments to share.
Once I get a proper response from F5 support I can share it here as well, as I think many might be interested.
Cheers, Torsten
- y_ajit_381334 (Altostratus)
Hi Torsten,
I would be interested in knowing the response on this from the F5 support team.
- Fozail (Altostratus)
Hi,
Changing from 2048 to 4096-bit keys would reduce the number of supported TPS, as you have noticed/got the information. However, at the same time it would need more resources as well to cope with 4096-bit keys. Hence it might depend on what hardware you have where you would like to change the key.
I would suggest involving the account manager to get more concrete information on this.
- Torsten_Sorger (Nimbostratus)
We did just close the case and it pretty much boils down to this:
Performance should be impacted by (up to) 17x when comparing 1024 and 4096-bit keys; the factor between 1024 and 2048 is 4x. See K13067: Performance impact of transitioning to 2048-bit SSL key sizes for details on this.
Regarding licensing, there is quite some explanation available in K6475: Overview of SSL TPS licensing limits.
A few outside resources were provided regarding this topic:
- Yubico Blog - The Big Debate, 2048 vs. 4096, Yubico’s Position
- Random Notes - HTTPS Performance, 2048-bit vs 4096-bit
- CertSimple - So you're making an RSA key for an HTTPS certificate. What key size do you use?
For actual measurements F5 refers to professional services.
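The trade-off asked about in this thread (extra strength versus extra private-key cost) can be put side by side on any machine with the following sketch, which is an added example and not part of the thread or of F5's answer. It assumes the GNFS-based strength estimate from the FIPS 140-2 Implementation Guidance and times software big-integer math with random odd numbers standing in for real key material, so the ratios describe the host it runs on, not BIG-IP hardware.

```python
import math
import secrets
import time


def gnfs_strength_bits(modulus_bits):
    """Estimated symmetric-equivalent strength of an RSA modulus, using the
    GNFS-based formula from the FIPS 140-2 Implementation Guidance."""
    x = modulus_bits * math.log(2)
    return (1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69) / math.log(2)


def random_odd(bits):
    """Random odd integer with exactly `bits` bits (top bit set)."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(modulus_bits, rounds=20):
    """Best-of-`rounds` time for one CRT-style private-key operation:
    two modular exponentiations with half-size modulus and exponent."""
    half = modulus_bits // 2
    # Assumption: random odd numbers stand in for the primes p, q and the CRT
    # exponents dp, dq. The timing depends on operand size, not on primality.
    p, q = random_odd(half), random_odd(half)
    dp, dq = random_odd(half), random_odd(half)
    c = secrets.randbits(modulus_bits)
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        pow(c % p, dp, p)
        pow(c % q, dq, q)
        best = min(best, time.perf_counter() - start)
    return best


def compare(sizes=(1024, 2048, 4096)):
    """Rows of (key bits, estimated strength bits, cost relative to first size)."""
    times = {bits: private_op_seconds(bits) for bits in sizes}
    base = times[sizes[0]]
    return [(bits, gnfs_strength_bits(bits), times[bits] / base) for bits in sizes]


if __name__ == "__main__":
    for bits, strength, cost in compare():
        print(f"RSA-{bits}: ~{strength:.0f}-bit strength, "
              f"{cost:.1f}x the RSA-1024 private-key cost")
```

The cost of the private-key operation grows much faster than the estimated strength, which is the core of the 2048 versus 4096 debate; measured ratios will differ from the figures quoted above wherever hardware acceleration or a different big-integer implementation is in use.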